
redundancy



Hi,

Can anyone illustrate if and how ipsec could handle multiple ipsec
gateways to a single network.  I have come across the following
scenario:

----------------------------------------- Network 1
	      | 
	      | D 	
	--------------
	|	 |
	|	 |
	A	 B
	|	 |
	|	 |
	\	/
	  \        /
	    \    /
	      C
	       |			
----------------------------------------- Network 2

Network 1 has D which is a Front End Processor (FEP) that performs some
kind of load balancing that may route packets either through ipsec
gateways A or B.  C is an ipsec gateway on a remote network.  The
problem is, if tunnels are created between gateways A-C and B-C, then
when C receives a packet from Network 2 for network 1, how does it
determine which SA to use since the destination address is behind both
gateways?

My guess is that this is an implementation detail and outside the scope
of IPSEC but any thoughts on this would be useful.

regards, 

Matt Field


